Director of Information Security

We have an exciting opportunity for a Director of Information Security at UL Research Institutes and UL Standards & Engagement, based in our Northbrook, IL office. The Director of Information Security is responsible for developing, implementing, and maintaining a comprehensive information security program that aligns with the organization's mission and objectives. The successful candidate will work closely with the executive team, legal counsel, UL Research Institutes and UL Standards and Engagement organizations to ensure the highest level of security for all information systems, data, and intellectual property.

Underwriters Laboratories

At UL Research Institutes and UL Standards & Engagement (UL), we wake up every day with a common purpose: to make the world a safer, more secure, and sustainable place. Science is in our DNA; we are endlessly curious and passionate about seeking and speaking the truth. We take delight in knowing that our work makes a meaningful contribution to society, and we are proud that our culture is centered on integrity, collaboration, inclusion, and excellence. UL stands at the forefront of technological advancement, and we are continually challenged to find new ways to foster innovation and positive change. Satisfying? Yes. Exciting? Absolutely!

As the Director of Information Security, you will play a key role in the rapid growth of UL Operations as you:

• Develop and maintain a comprehensive information security program that includes policies, procedures, and guidelines that align with industry standards and best practices.
• Conduct risk assessments to identify vulnerabilities and potential threats to the organization's information systems, data, and intellectual property.
• Develop and implement security measures to mitigate identified risks and ensure the highest level of security for all information systems, data, and intellectual property.
• Ensure compliance with applicable laws, regulations, and industry standards related to information security. Monitor and audit access controls to ensure compliance with policies and regulations.
• Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management (BCM) program goals, with the realization that components supporting primary business processes may be outside the corporate perimeter.
• Establish and manage a Threat Intelligence function to identify potential threats and vulnerabilities to the organization.
• Develop and maintain an Identity and Access Management (IAM) program that ensures appropriate access controls are in place for all critical assets and manage relevant policies, procedures, and guidelines.
• Develop and maintain incident response plans to ensure the organization is prepared to respond to security incidents in a timely and effective manner.
• Provide regular reports to the executive team, legal counsel and Board of Directors on the organization's information security program and related activities.
• Work collaboratively with other departments and stakeholders to ensure information security is integrated into all aspects of the organization's operations.
• Lead training and awareness initiatives to educate employees on information security best practices and ensure a culture of security throughout the organization.
• Contribute to and/or lead other department specific and cross-functional initiatives.

While no one candidate will embody every quality, the successful candidate will bring many of the following professional competencies and personal attributes:

• Expert understanding of regulatory requirements, including GDPR, HIPAA, and PCI DSS.
• Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization.
• Ability to lead and motivate the information security team to achieve tactical and strategic goals, even when only "dotted line" reporting lines exist.
• Strong leadership and communication skills, with the ability to communicate complex technical issues to non-technical stakeholders.
• Strong project management skills, with the ability to manage multiple projects simultaneously and deliver on-time, within budget, and to the required quality standards.
• Strong vendor management skills, with the ability to manage relationships with multiple vendors.
• Strong analytical and problem-solving skills, with the ability to quickly identify and resolve complex technical issues.
• A thought leader, a builder of consensus and of bridges between business and technology. He or she is an integrator of people, process, and technology. While this role is the leader of the information security program, he or she must also be able to coordinate disparate drivers, constraints, and personalities, while maintaining objectivity and a strong understanding that cybersecurity is foundational for the organization to deliver on its business goals and objectives.

Professional education and experience requirements for the role include:

• Bachelor's degree in Information Technology, Computer Science, or a related field.
• Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
• Expertise in information security principles, practices, and technologies, including security architecture, network security, identity and access management, threat intelligence, and security operations.
• Management experience leading teams, developing strategy, and executing plans.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Professional security certifications such as CISSP, CISM, or CISA are highly desirable.
• Management experience leading teams, developing strategy, and executing plans.

UL has COVID-19 protocols and policies in place to ensure the safety of our employees, customers, and clients. Effective November 1, 2021, the company mandates that employees are vaccinated against COVID-19 as a condition of employment (except where prohibited by law), subject to reasonable accommodation as required by law.

• Mission: For UL, corporate and social responsibility isn’t new. Making the world a safer, more secure, and sustainable place has been our business model for the last 128 years and is deeply ingrained in everything we do.
• People: Ask any UL employee what they love most about working here, and you’ll almost always hear, “the people.” Going beyond what is possible is the standard at UL. We’re able to deliver the best because we employ the best.
• Interesting work: Every day is different for us here as we eagerly anticipate the next innovation that our customers create. We’re inspired to take on the challenge that will transform how people live, work and play. And as a global company, in many roles, you will get international experience working with colleagues around the world.
• Grow & achieve: We learn, work, and grow together with targeted development, reward, and recognition programs as well as our very own UL University that offers extensive training programs for employees at all stages, including a technical training track for applicable roles.
• Total Rewards: All employees at UL Research Institutes and UL Standards & Engagement are eligible for bonus compensation. We offer comprehensive medical, dental, vision, and life insurance plans. a generous 401k matching structure of up to 5% of eligible pay. Additionally, we invest an additional 4% into your retirement saving fund after your first year of continuous employment. Depending on your role, you can work with your manager on flexible working arrangements. We also provide employees with paid time off including vacation, holiday, sick and volunteer time off.

UL Research Institutes and UL Standards & Engagement are nonprofit organizations dedicated to advancing safety science research through the discovery and application of scientific knowledge. We conduct rigorous independent research and analyze safety data, convene experts worldwide to address risks, share knowledge through safety education and public outreach initiatives, and develop standards to guide safe commercialization of evolving technologies. We foster communities of safety, from grassroots initiatives for neighborhoods to summits of world leaders. Our organization employs collaborative and scientific approaches with partners and stakeholders to drive innovation and progress toward improving safety, security, and sustainability, ultimately enhancing societal well-being.

Our wholly owned subsidiary, UL Solutions, advances our shared public safety mission. We fund our work through grants, the licensing of standards documents and the business activities of UL Solutions, which conducts testing, verification, and certification, and provides training and advisory services, along with data-driven reporting and decision-making tools for customers around the world. To learn more, visit our websites UL.org and ULSE.org.